Jump to content

Kenny94

Experts
  • Content Count

    2,662
  • Joined

  • Last visited

Everything posted by Kenny94

  1. Thanks guys! David, thank you for putting together the registry script at Here Nice!
  2. Super person! And a Asset to the malware community.

  3. Malwarebytes is number 4 now! I don't count "Advanced SystemCare Free" in the list. Users want computer speed and most of know this is not going happen with boosters, optimizers or registry cleaners.... Also, it nice to know that folks are downloading Antivirus Software that are on top of the list. Then Malwarebytes.
  4. Your being helped here at: http://www.malwarebytes.org/forums/index.p...mp;#entry149079
  5. A guy is driving around the back woods of Montana and he sees a sign in front of a broken down shanty-style house: 'Talking Dog For Sale ' He rings the bell and the owner appears and tells him the dog is in the backyard. The guy goes into the backyard and sees a nice looking Labrador retriever sitting there. 'You talk?' he asks. 'Yep,' the Lab replies. After the guy recovers from the shock of hearing a dog talk, he says 'So, what's your story?' The Lab looks up and says, 'Well, I discovered that I could talk when I was pretty young. I wanted to help the government, so I
  6. Nice Job mbutler315. With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Go to Microsoft's website => http://support.microsoft.com/kb/310994 Select the download that's appropriate for your Ope
  7. Hi mbutler315 and Welcome to Malwarebytes! Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. So lets remove Norton. Unless you just paid for Norton? Then remove Avira from Add/Remove Programs then. Here's how to remove Norton: To remove Norton, Click on Start > Settings > Control Panel double click on Add/Remove Programs, search for every item that belongs to Norton, Syma
  8. Some final items: Follow these steps to uninstall Combofix and all of its files and components. Click START then RUN Now type ComboFix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Remove all but the most recent Restore Point on Windows XP You should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidental
  9. Looking better legolas15220. How are things now? Close all other windows except for hijackthis, perform a scan and put a check against the following items and click 'fix checked'. O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKCU\..\Run: [\\RRCC1\EPSON WorkForce 40 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIELA.EXE /FU "C:\DOCUME~1\TNEESE~1.RRC\LOCALS~1\Temp\E_S258.tmp" /EF "HKCU" O4 - HKCU\..\Run: [\\JUDY2008\EPSON WorkForce 40 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIELA.EXE /FU "C:\DOCUME~1\TNEESE~1.RRC\LOCALS~1\Temp\E_S262.tmp"
  10. Can you post me a fresh HijackThis log please.
  11. We need to kill this file c:\windows\system32\guvebehu.dll. Lets see what Malwarebytes does and show us... Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Click Exit on the Main menu to close the program. Launch Malwarebytes' Anti-Malware If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then
  12. Hi legolas15220 Open Notepad and copy and paste the text in the code box below into it: File:: c:\windows\system32\guvebehu.dll c:\windows\system32\maremapa.dll c:\windows\system32\lulugate.dll c:\windows\isRS-000.tmp c:\windows\system32\zotohajo.dll Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=- Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next re
  13. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop** If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab Set to "Always ask me where to Save the files". [*]During the download, rename Combofix to Combo-Fix as follows: [*]It is important you rename Combofix during the download, but not after. [*]Please do not rename Combofix to other
  14. Hi legolas15220 and Welcome to Malwarebytes! I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this: To get an Uninstall List from HijackThis: Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post.
  15. Close all other windows except for hijackthis, perform a scan and put a check against the following items and click 'fix checked' O4 - HKCU\..\Run: [flagdrive] "C:\ProgramData\Bird New New.q25er" O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\Dupe bike peak.0bpsy8" Please remove these entries from Add/Remove Programs in the Control Panel Messenger Plus! Live & Sponsor (CiD) Note: If you were using Messenger Plus! Live and want to continue to use it, then reinstall and choose not to install the Sponsor after your computer has been cleaned. Visit: http://chooseknowledge.com/How-to-
  16. Hi Marcdddd, Before we move on, do you know what these are below: O4 - HKCU\..\Run: [flagdrive] "C:\ProgramData\Bird New New.q25er" O4 - HKCU\..\Run: [Okay Proxy Ooze Each] "C:\ProgramData\Dupe bike peak.0bpsy8" Also, I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this: To get an Uninstall List from HijackThis: Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post.
  17. Hi Marcdddd and Welcome to Malwarebytes! Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Click Exit on the Main menu to close the program. Launch Malwarebytes' Anti-Malware If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is c
  18. I don't use Spybot anymore. With Malwarebytes , SUPERAntiSpyware and the other tools (Preventive programs) that I posted. I feel there no need. IMO....
  19. That got it.... I'll add you has a friend if you don't mind. Some final items: Follow these steps to uninstall Combofix and all of its files and components. Click START then RUN Now type ComboFix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Remove all but the most recent Restore Point on Windows XP You should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these
  20. Hi Mike, We need to remove this Service: Close all other windows except for hijackthis, perform a scan and put a check against the following item and click 'fix checked'. O23 - Service: FCBZEGYG - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\FCBZEGYG.exe (file missing) Go to start > run and copy and paste next command in the field and hit enter: sc delete FCBZEGYG And let me know if it's still there in your log?
  21. Hi Fergie, all is well. Hope you and your son had a nice weekend. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Folder (if present): C:\Program Files\RealVNC And post one more HijackThis log
  22. Nope were all done..... Some final items: Follow these steps to uninstall Combofix and all of its files and components. Click START then RUN Now type ComboFix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Remove all but the most recent Restore Point on Windows XP You should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.